lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <002501c5f073$42133ef0$6600a8c0@kpllaptop>
Date: Wed Nov 23 21:16:50 2005
From: lyal.collins at key2it.com.au (Lyal Collins)
Subject: SmartCards programming...

The reality has been imho, since the mid-90s that the authentication issues
mentioned below (capture and misuse between entry device and processing
device) are generic attack models, and can best be addressed by placing
authentication and entry functions in the same
tamper-proof/tamper-evident/resistant device. This includes PIN/password
entry and biomeric capture. 
By necessity, authenication therefore needs a smartcard/secured storage
device carried by the user so that authicaiton can occur at the user's
location.
This then leads to every possible recipient/relying party to trust the
output of all authentication devices though some mechanism, consequently
this will only be deployed within definable communities of interest, in my
view. This is fine, since I don't want or need too authenticate myself to
everyone, only those with whom I have a trust relationship.

Just mho
Lyal


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Michael
Holstein
Sent: Thursday, 24 November 2005 7:42 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] SmartCards programming...


> The tough part here is figuring out how to have the software open the 
> file, but ensure that the contents are in fact inaccessible without 
> the smart card. In particular, securely handling the data after 
> opening to ensure that the data can't be saved in an unencrypted form 
> is fiendishly difficult, as every single DRM scheme to date has 
> demonstrated....

And even if you do get the programming bits right, there's still ways to 
get the hardware to cough it up -- a recent example being Bunnie's 
adventures with the Xbox.

> 3) Key management - more actual implementations manage to get this 
> wrong than do the actual crypto wrong.  You can do the crypto in a 
> totally secure manner, but it's still total security manure suitable 
> for fertilizing the flower garden if a keystroke logger can easily 
> sniff the passphrase....

Short of placing the entry keyboard on the same physical device as the 
card (think smartcard meets pocket calculator), you'll always be able to 
grab the passphrase in this manner. I'm not quite sure there will ever 
be a solution to that one.

Even with biometrics, there's nothing stopping me from reading the data 
as it's taken from the input device (ie: the USB fingerprint reader) and 
re-presenting that same data artifically.

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ